Archive for the 'Uncategorized' Category

F-Secure Rescue CD 3.00 released

Thursday, June 19th, 2008

We released F-Secure Rescue CD 3.00 beta two weeks ago. After one more development sprint, here’s the actual release of F-Secure Rescue CD 3.00 for you!

Rescue CD scans the computer and renames every file that contains malware so that it has the .virus file extension.

  • Rescue CD will by default scan:
    • all hard drives in the computer
    • all USB drives attached to the computer
    • Windows FAT and NTFS drives
  • Virus definition databases are updated automatically if the computer has an internet connection
  • Virus definition databases can be updated manually by using a USB drive
  • The Rescue CD Guide (pdf) has step-by-step instructions on how to use the CD

Rescue CD is localized to English only.

The release package including an ISO image, the manual and release notes can be downloaded here. See the release notes for more information. Feel free to send us feedback!

details of f-secure-rescue-cd-3.00-release.zip:
size: 153MB
md5sum: ed690b558493c3096bb666ea19749316
sha1sum: 71017c8325e90aaf19f8d2cb2f235519239384c2

F-Secure Rescue CD 3.00 BETA released

Friday, June 6th, 2008

The next version of F-Secure Rescue CD is going to see daylight in a few weeks. And here comes a feature-complete beta for you to try. The big changes compared to 2.00 include a proper manual for the product, the ability to update databases manually with a USB stick, better hardware support (Knoppix version 5.3.1), an upgraded NTFS driver (NTFS-3G 1.2506) and the ability to detect MBR viruses.

The beta package including an ISO image, the manual and release notes can be downloaded here. See the release notes for more information. Keep the feedback flowing!

details of f-secure-rescue-cd-3.00-beta.zip:
size: 151MB
md5sum: 8a66ca08ccdcb4759fae6bc9ce1818df
sha1sum: abdec0cd567880170c6e5fea2c780c549d82730a

Linux Security 7.01 released

Friday, May 23rd, 2008

Linux Security 7.01 has now been released, addressing the issue we blogged about last week. We urge all users to upgrade, even if you are using the Server Edition keycode. To prevent users from accidentally installing the old version, we have changed all keycodes - please contact your reseller to get the new 7.01 keycodes.

As the problem only occurred in certain circumstances, we have only received very few reports from customers that their systems have been affected. It was after investigating the first customer report that we decided to recall the product to minimize the potential impact on other customers. We would still like to hear from you if you think you have been affected - you can find our email address in the footer of the page.

With this version, we have also included Ubuntu 8.04 LTS as an officially supported platform.

You can download Linux Security 7.01 here, and please read the release notes:

We are recalling Linux Security 7.00

Thursday, May 15th, 2008

We have discovered that the Linux Security 7.00 that we released just three weeks and a few days ago contains a very serious bug that can have severe consequences for customer systems. The short version is: if you have installed Linux Security 7.00 and you are using the Client Edition keycode, please uninstall immediately to prevent further damage to your system. Below I have included the official recall notification sent to our maintenance notification mailing list and partners.

How could this happen? There really is no excuse for letting this kind of thing pass our testing. We have often boldly and proudly talked about our extensive testing and validation processes - and yet we failed to catch this bug. There were a number of things that went wrong, each of which should have caught this mistake. We do code reviews, automatic tests, manual validation, etcetera, and still at each of those steps human error made this possible. While researching this issue, most of our mistakes became very apparent to us, and steps have already been taken to prevent this and similar things from happening in the future, but we will still need to carefully examine this situation to figure out every possible way to fix our tools, processes and mindsets.

Here is the recall notification:

RELEASE RECALL

A serious issue has been discovered in the newly released F-Secure Linux
Security 7.00. The flaw only affects installations using the Client
Edition keycode. When triggered, the bug will cause serious data loss
and possibly render the system unusable by removing the entire /var
directory hierarchy. In other cases, random sub-directories of /var can
be silently deleted from the system. Installations using the Server
Edition keycode or running in evaluation mode are not affected.

To recover, the user must restore the /var directory from a backup.

F-Secure is urging all users of F-Secure Linux Security 7.00 Client
Edition to not make new installations and immediately uninstall it from
all systems to prevent further damage.

To check if your system is affected, run:

  grep "Device or resource busy" /var/opt/f-secure/fssp/dbupdate.log

If the command returns one or more rows, there is a high probability
that parts of your /var directory structure have been deleted and must be
restored from a backup.

F-Secure will release F-Secure Linux Security 7.01 within a few days,
that will fix this issue. A new notification will be posted when this
new version is available.

What’s going on with Linux right now

Thursday, May 8th, 2008

Greetings from HP Linux Forum 2008! Some members of our team are participating in one of the biggest Linux events here in Helsinki, Finland.

The crowd here is a nice mix of traditional Linux nerds, some people a bit more business-oriented and some from the public sector. Linux seems to be doing well - judging from the number of participants - as the subjective estimate is that there are more people than last year.

Linux Forum 2008

Hot topics are of course still virtualization, just like last year, interoperability in heterogeneous environments and also the trend towards communities. There’s a nice SMS poll system in use here, showing the poll results on a big screen in real time. One poll showed that way over 80% of the participants were using both Linux and Windows in their companies. The Finnish Linux User Group’s prize went to the Ubuntu Finland community. Congratulations, well done!

There was a very good and entertaining speech from Teppo Sulonen, the CIO of City of Tampere. He was praising not only open source software, but openness in a bigger sense. Three big cities in Finland have started working together on a common ICT infrastructure. The system is being implemented using common standards and open source technologies instead of the old style of all the cities building their own incompatible systems using proprietary technologies.

Karl Paetzel from HP commented that even if Linux isn’t necessarily in every corner of every datacenter, it is mainstream for almost every customer they talk with. So I think that even if the great coming of desktop Linux may not be here yet, it looks like Linux is very much mainstream in almost every other area.

Signing out,
Ripa

New settings for archive scanning

Friday, April 25th, 2008

Linux Security 7 is now out and with it is a new version of Security Platform, v. 2.0. Security Platform is our scanning core. It contains the scanning daemon and everything else related to malware detection.

The scanning daemon, fsavd, has some new settings. These did not make it to the LS7 manual, mainly because we did not think too many people would be interested in peeking under the hood.

For those who are interested, here are the details:

First setting:
F-Secure Security Platform / Settings / Advanced / Archive Settings / Maximum archive size to decompress into memory (1.3.6.1.4.1.2213.48.1.100.10.10.10)
Any archive smaller than this size will be decompressed in memory while it is scanned. The default value is 50 MB. Valid values for this setting are 1 - 8000 MB.

Second setting:
F-Secure Security Platform / Settings / Advanced / Archive Settings / Maximum archive size to decompress into temp file (1.3.6.1.4.1.2213.48.1.100.10.10.20)
Any archive larger than the previous setting will be decompressed into a memory mapped temporary file. The default value is 100 MB. Valid values for this setting are 1 - 80000 MB.

These settings allow the user to fine tune the speed of scanning archives. Archive scanning is essentially a function of how much memory can be allocated to the task. Scanning is fastest when the whole archive can be decompressed into memory for scanning. Users can now allow fsavd to take as much memory as they feel comfortable with.

Some archives are so big they will not fit into memory. Those archives will be decompressed into a temporary file, which is mmap’ed in the scanning daemon. The 2nd setting specifies the maximum size for that temporary file.

We do scan archives even larger than can fit into the memory mapped temporary file, but that might be considerably slower because only a part of the archive can be decompressed at a time and might even need to be decompressed again if later analysis requires a part of the file to be re-examined.

In a nutshell: archive scanning is a compromise between speed and size. If you have lots of memory, you can have fast archive scanning. If you do not have a lot of memory but have a lot of disk space, you can have reasonably fast archive scanning. If you have neither, you are going to have slow archive scanning.

Third setting:
F-Secure Security Platform / Settings / Advanced / Archive Settings / Directory for temporary files (1.3.6.1.4.1.2213.48.1.100.10.10.30)
This setting specifies the directory where the memory mapped temporary files are created. The default directory is /tmp. The temporary files are unlinked immediately after they are created, so you will probably never see the files.

If you never want fsavd to create temporary files, set the 2nd setting equal to the 1st setting. Then all archive decompression will happen in memory.

Fourth setting:
F-Secure Security Platform / Settings / Advanced / Archive Settings / Maximum allowed compression ratio (1.3.6.1.4.1.2213.48.1.100.10.10.50)
Some archives do not contain real files but are maliciously constructed to cause havoc in an AV scanner by blowing up to an extremely large size. This setting allows fsavd to protect itself by issuing a scanning error for archives which have a very large compression ratio. The default maximum compression ratio (decompressed size / compressed size) is 1000. Valid values for this setting are 1 - 1000.
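
The following Python example is an addition to this post, not F-Secure code and not a description of how fsavd is implemented; it shows how the four settings above interact when one compressed stream is unpacked for scanning. The names unpack_for_scan, ScanError and the "windowed" mode are hypothetical, a single zlib stream stands in for an archive, and the example assumes both size limits are compared against the number of decompressed bytes actually produced.

```python
import mmap
import tempfile
import zlib

MB = 1024 * 1024
CHUNK = 64 * 1024  # inflate at most this many bytes per step

class ScanError(Exception):
    """Stands in for the scanning error issued for a suspect archive."""

def unpack_for_scan(blob, max_mem=50 * MB, max_temp=100 * MB,
                    tmpdir="/tmp", max_ratio=1000):
    """Inflate one zlib stream under the four limits (defaults from the post).

    Returns ("memory", bytes), ("tempfile", mmap) or ("windowed", None).
    """
    inflater = zlib.decompressobj()
    buf, spill, total, pending = bytearray(), None, 0, blob
    try:
        while not inflater.eof:
            chunk = inflater.decompress(pending, CHUNK)
            pending = inflater.unconsumed_tail
            if not chunk and not pending and not inflater.eof:
                raise ScanError("truncated stream")
            total += len(chunk)
            # Count real output bytes: size fields in headers can lie.
            if total > max_ratio * len(blob):
                raise ScanError("compression ratio above %d" % max_ratio)
            if total > max_temp:
                continue  # fits neither buffer; a scanner would scan this window
            if total <= max_mem:
                buf += chunk
                continue
            if spill is None:
                # TemporaryFile removes the directory entry at creation on
                # POSIX, so the file is never visible in tmpdir.
                spill = tempfile.TemporaryFile(dir=tmpdir)
                spill.write(buf)
            spill.write(chunk)
        if total > max_temp:
            return "windowed", None
        if spill is None:
            return "memory", bytes(buf)
        spill.flush()
        return "tempfile", mmap.mmap(spill.fileno(), total)
    finally:
        if spill is not None:
            spill.close()  # the mapping keeps its own descriptor
```

Calling it on the constructed input `zlib.compress(b"\0" * (4 * MB), 9)` with `max_ratio=100` raises ScanError after a few hundred kilobytes of output instead of inflating all 4 MB. Passing equal values for `max_mem` and `max_temp` means no temporary file is ever created, matching the advice under the third setting.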

Linux Security 7.00

Monday, April 21st, 2008

Today we are proud to present a major piece of quality software, which we have improved, tested and polished with all of our skill, understanding, passion and love for the past 11 months. The release of Linux Security 7.00 has arrived. I’d like to highlight some of the improvements here:

  • New web-based wizards have been added for manual scanning and configuring the integrity checking and rootkit protection features.
  • A simplified, cleaned-up installer with fewer questions asked.
  • A new kernel-level scanning result cache significantly improves the performance of on-access scanning.
  • The new F-Secure Scanning Engine has been integrated.
  • We added methods to completely disable specific components of the product, like the firewall or the web user interface. If you prefer using your distribution’s firewall configuration method, we will not interfere with it. If you prefer to not use the web user interface, there is no need to burden your system with its Java run-time environment.
  • Firewall rules can now be applied to specific network interfaces.
  • The F-Secure Gnome panel applet now notifies you of any security alerts.
  • The client and server edition installer packages have been merged into a single installer to simplify distribution and installation. On the other hand, new 64-bit installer packages have been introduced to fully support new 64-bit distributions. Some things simply wouldn’t work with 32-bit compatibility libraries.
  • If you’re still running F-Secure Antivirus for Linux 4.65, it’s now possible to upgrade to Linux Security 7.00 in command-line-only mode. If command-line scanning is all you need, this is for you.
  • If you wish to integrate F-Secure’s cutting-edge scanning features with your own software, the Linux Security 7.00 release package contains an SDK for our daemon API, full with header files, a manual page, and example code in the C language.

With a large number of new Linux distributions added and a couple of old ones removed, this release is officially tested and supported on 33 different distribution versions. It should work on a few others, too, especially if installed in command-line-only mode.

Unfortunately the native Gnome scanning application, fsgav, had to be dropped before the release. Don’t worry, it will probably re-appear in a future version, once we’ve had time to smooth its sharp edges a bit.

A full list of new features, changes and supported platforms can be found in the release notes. Please download your evaluation copy here:

  • f-secure-linux-security-7.00.71615.tgz (MD5, SHA1)
  • f-secure-linux-security-64bit-7.00.71615.tgz (MD5, SHA1)

As usual, the software can be evaluated for free for 30 days.

UPDATE: this build has been recalled. More information will be available here shortly.

If you wish to purchase licenses for your business, please get in touch with one of our sales partners or regional offices. End-user licenses should be available in the F-Secure eStore in the near future.

New security updates

Thursday, March 20th, 2008

Just to make sure the message goes out: as mentioned by our colleagues in the lab, this week we released an important security advisory "FSC-2008-2", about potential vulnerabilities affecting components common for many of our products, including Linux products. If you’re running one of our Linux products, chances are that you are affected and you should upgrade to the latest build immediately. Read the advisory for more information, or get more details from CERT-FI.

To get e-mail notifications about maintenance releases, subscribe to our maintenance release notification mailing list.

Fresh from the oven: F-Secure Linux Client/Server Security 5.54

Friday, March 7th, 2008

We have just released a new version of F-Secure Linux Client & Server Security. This 5.54 is mainly a bug fix release, including a new Automatic Update Agent and making the Web User Interface work properly with Microsoft Internet Explorer 7. Please check the release notes for more information on what has changed. As always, we recommend upgrading to the latest version even if none of the fixed issues seem to affect your environment. Please feel free to ask if you have any questions regarding this upgrade, and do drop us a note telling how the upgrade went :) The email address is at the bottom of this page.

The product packages and release notes are available from our Webclub:
F-Secure Linux Client Security 5.54
F-Secure Linux Server Security 5.54

Adapting and the importance of feedback

Tuesday, February 19th, 2008

As you may have read between the lines of our blog posts so far, we’re an agile team. We use Scrum to do our thing. In practice this means that instead of making rigid plans for a long time ahead and then following them, we split the work into iterations and try to adapt quickly as we learn more and the customer and market needs change.

This is how it works. We split our release projects into (usually) one-month sprints. At the beginning of each sprint, we select the most important things to work on next and do detailed planning only for them. As you have probably noticed, we also strive to have some new features ready and released every sprint. The main idea here is to get feedback for the things we do as quickly as possible so that we can learn and adapt accordingly.

The point of this post is just to make sure you know we really (yes, rly :)) appreciate every little piece of the feedback you have sent us so far and hope you keep it up!